Using D7 -> ran Roguekiller and in the Rootkits tab I have the below. The author says this is because it is unknown. How do I verify and clear out the real rootkit without deleting a legitimate Windows file? thanks for the help!

I ran a permissions reset from D7 and then ran delete temp. internet files and it appears to hang. Could be I'm not patient enough and there is a hugh IE temp file. The other issue is in the MalwareScan utility when I check run keys it never populates?

The "Documents and Settings" and another folder in the c:/ root has a lock symbol and opening gives an "Access Denied". I ran the D7 "Permissions reset" and the D7 "Take Control" but nothing happened and the lock remains. This is a remote session so I don't have the computer to do an off-line repair.

On this machine and another one I was working on yesterday when I'm in the D7 Malware Scan and click the "Run Keys" it never populates, says Scanning and eventually "Not Responding". However, Sysinternals Autoruns works.